In some older versions of ionCube you can decrypt these "encrypted" files:

Bad news again! This version of ionCube was not vulnerable to a possible decryption. I was disappointed, because if I had the source I had the core.

This could help me find more cool issues, such as command execution, local file inclusion, etc.

Anyway, I dropped this subject and kept my research going.

I found this interesting file called wmPassupdate.html.

This file is used for password recovery in Accellion Secure File Transfer.

I realized that there is another parameter in the cookie when you are trying to recover your password in wmPassupdate.html.

This parameter is called referer. I found that the value of this parameter uses Base64 encoding. Wtf? I didn't think Base64 (for encryption) was still alive these days. Yes, it appears so :)

So I decoded the Base64 value, and saw that the decoded data appeared to be my email address ("dbeckyxx@gmail.com"). Cool! I started to delete all the "junk" cookies and unneeded parameters and kept only the referer parameter.

I encoded back to Base64 a different email of my test account in files.fb.com, and then copied it into the referer cookie parameter.

Then I started to change the email address parameter in my POST request to the victim's email account, and changed pass1 and pass2 to my chosen password.

And

PoC Image:

PoC Video:

Facebook and Accellion fixed these issues. I also reported 20+ different bugs in Accellion Secure File Transfer Service; they fixed all of them :) Soon I will publish an OAuth bypass in Facebook.com. Cya next time!
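
The root cause described above is a reset flow that identifies the user by a Base64-encoded email in a cookie, which any client can produce. The sketch below is an added example, not code from Accellion, Facebook or the original post: it contrasts that pattern with a reset token authenticated by HMAC and bound to one account. The secret, lifetime, function names and email addresses are all constructed assumptions.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: server-only secret
TTL = 900                          # assumption: token lifetime in seconds


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def weak_cookie_email(cookie: str) -> str:
    """Weak model: the cookie is only base64(email), so any client can mint one."""
    return base64.b64decode(cookie).decode()


def issue_token(email: str, now: int) -> str:
    """Hardened: email + expiry, authenticated with HMAC-SHA256 under SECRET."""
    body = f"{b64url(email.encode())}.{now + TTL}"
    tag = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_token(token: str, now: int):
    """Return the bound email, or None if forged, malformed or expired."""
    try:
        enc_email, expiry, tag = token.split(".")
        body = f"{enc_email}.{expiry}"
        good = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, good) or int(expiry) < now:
            return None
        return base64.urlsafe_b64decode(enc_email).decode()
    except (ValueError, TypeError, UnicodeDecodeError):
        return None


def reset_target(token: str, posted_email: str, now: int):
    """Account to reset: only the token's email, and only if the form agrees."""
    email = verify_token(token, now)
    if email is None or email.lower() != posted_email.lower():
        return None
    return email
```

In a real deployment the token would be delivered only to the account's mailbox and invalidated after one use; both are left out here to keep the example focused on binding the reset to an authenticated identity.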